Various Methods and Apparatuses for a Central Management Station for Automatic Distribution of Configuration Information to Remote Devices

ABSTRACT

A method, apparatus, and system are described for a central management system to configure remote devices. A device service manager server (DSM) may have an IP redirector module configured to cooperate with two or more device service controllers (DSCs) that are behind a firewall on a wide area network relative to a location of the DSM on the wide area network, where the DSM serves as a central management station for a distribution of configuration information to the DSCs, wherein an executable boot up file uploaded via a drive port in that DSC is scripted to gather configuration information for that DSC and network devices on the same network as that DSC and without a prompt by the DSM then sends an initial configuration file to the DSM which makes a master copy of the device configuration file in the DSM&#39;s registry for that DSC.

RELATED APPLICATIONS

This application claims the benefit of U.S. Provisional Patent Application Ser. No. 60/982,388, entitled “Means of Providing Virtual IP Address to Automatically Access Remote Network Devices” filed Oct. 24, 2007.

NOTICE OF COPYRIGHT

A portion of the disclosure of this patent document contains material that is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the software engine and its modules, as it appears in the Patent and Trademark Office patent file or records, but otherwise reserves all copyright rights whatsoever.

FIELD OF THE INVENTION

Embodiments of the invention generally relate to network devices. More particularly, an aspect of an embodiment of the invention relates to a central management station for automatic distribution of configuration information to remote devices.

BACKGROUND OF THE INVENTION

The challenge of establishing remote access for service organizations lies in overcoming two major hurdles. The first being the need to establish remote access within the parameters of a secure firewall. Firewall configuration is typically based on conservative thinking and designed to be rigorous in defending information and access. Data security is the leading obstacle to remote monitoring and control because a company's security policies are critical to business operations and cannot be hampered, even to increase company profitability. Therefore, the integrity of firewalls must be maintained. Typically, changing security specifications in order to allow for remote access is not an option.

SUMMARY OF THE INVENTION

A method, apparatus, and system are described for a central management system to configure remote devices. A device service manager server (DSM) may have an IP redirector module configured to cooperate with two or more device service controllers (DSCs) that are behind a firewall on a wide area network relative to a location of the DSM on the wide area network, where the DSM serves as a central management station for a distribution of configuration information to the DSCs, wherein an executable boot up file uploaded via a drive port in that DSC is scripted to gather configuration information for that DSC and network devices on the same network as that DSC and without a prompt by the DSM then sends an initial configuration file to the DSM which makes a master copy of the device configuration file in the DSM's registry for that DSC.

BRIEF DESCRIPTION OF THE DRAWINGS

The drawings refer to embodiments of the invention in which:

FIG. 1 illustrates a block diagram of an embodiment of a system to access to and from networked devices in networks protected by firewalls;

FIG. 2 a illustrates a block diagram of an embodiment of system having a device service manager server located exterior to a first domain protected by a first firewall and a second domain protected by a second firewall;

FIG. 2 b illustrates a block diagram of an embodiment of a system with DSCs each having a conduit manager configured to provide a direct communication tunnel to the DSM by authenticating itself to the DSM and establishing an outgoing TCP/IP stream connection to the DSM and then keeping that connection open for future bi-directional communication on the established TCP/IP stream connection;

FIG. 3 illustrates a block diagram of an embodiment of a system having a central DSM and local DSCs to access to and from networked devices in networks protected by firewalls;

FIG. 4 illustrates a state diagram of an embodiment of the Conduit Manager in the DSC;

FIG. 5 illustrates a block diagram of an embodiment of an automated centralized administration of a distributed system;

FIG. 6 illustrates a block diagram of an example embodiment of a DSM;

FIG. 7 illustrates a block diagram of an example embodiment of a DSC; and

FIG. 8 illustrates a block diagram of an embodiment of the DSM distributing configuration information to the DSCs via an executable boot up file in the DSC.

While the invention is subject to various modifications and alternative forms, specific embodiments thereof have been shown by way of example in the drawings and will herein be described in detail. The invention should be understood to not be limited to the particular forms disclosed, but on the contrary, the intention is to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the invention.

DETAILED DISCUSSION

In the following description, numerous specific details are set forth, such as examples of specific data signals, named components, connections, networks, etc., in order to provide a thorough understanding of the present invention. It will be apparent, however, to one of ordinary skill in the art that the present invention may be practiced without these specific details. In other instances, well known components or methods have not been described in detail but rather in a block diagram in order to avoid unnecessarily obscuring the present invention. Further specific numeric references such as first network, may be made. However, the specific numeric reference should not be interpreted as a literal sequential order but rather interpreted that the first network is different from a second network. Thus, the specific details set forth are merely exemplary. The specific details may be varied from and still be contemplated to be within the spirit and scope of the present invention.

In general, the various methods and apparatus are described to provide a central management system to configure remote devices. A device service manager server (DSM) may have an IP redirector module configured to cooperate with two or more device service controllers (DSCs) that each has a management module to manage an access module to proxy communications for networked devices behind a firewall on a wide area network relative to a location of the DSM on the wide area network. The DSM serves as a central management station for a distribution of configuration information to the DSCs. An executable boot up file in the DSC is scripted with code to determine a unique ID of that individual DSC device, to determine the DSC's current IP address, to supply the DSM's IP address on the wide area network, and to activate code to initiate communications with the DSM. A device configuration engine in the DSC without a prompt by the DSM then sends an initial configuration file with at least the unique ID of that individual DSC device and the DSC's current IP address information via a secure communication channel to the supplied address of the DSM, and the IP redirector module receives this configuration information, cooperates with a user data replication manager module in the DSM to create a device configuration file with the initial configuration information and additional information and then makes a master copy of the device configuration file in the DSM's registry.

FIG. 1 illustrates a block diagram of an embodiment of a system to access to and from networked devices in networks protected by firewalls.

A first device service controller 102 (DSC) in a first network 104 protected by a first firewall 106. The first network 104 may contain a host console 108 associated with the first DSC 102. The host console 108 controls and manages a subset of equipment in a second network 116 protected by a second firewall 114. The second network 116 is located over the Internet from the first network 104 and the host controller 108. The first device service controller 102 in the first network 104 and a second device service controller 112 in a second network 116 cooperate with a device service manager server (DSM) 110 located on the Internet to provide highly secure remote access to the subset of equipment in the second network 116 through the firewalls 106, 114. The device service manager server 110 has an IP redirector program 118 containing code to perform machine-to-machine communications, via a direct communication tunnel, with each device service controller through the firewalls 106, 114. The subset of equipment in the second network 116 may for example, include a server, a PLC device, a motion controller, automation equipment, a printer, a security system and a personal computer.

In operation, the user from the host console 108 opens a connection to a designated port on a local DSC, i.e. the first DSC 102, operating in Host Controller Mode. This local DSC will accept the connection and hold the connection pending the establishment of a connection through to the target device. This local DSC will then initiate a connection to the controlling DSM 110, which will map the connection to a corresponding managed device IP address and port. The local DSC sends its identification information to successfully authenticate itself to the DSM 110. The associated DSC responsible for the target device, i.e. the second DSC 112, will periodically open a secure tunnel with the DSM 110 and determine if there is a pending connection. If there is a pending connection, the DSM 110 will instruct the DSC to initiate a proxy connection to the DSM 110, through which it will pass the traffic for the pending connection. The local DSC behind the firewall holds the direct communication tunnel with the DSM 110 open if there is a pending connection.

The direct communication tunnel between the first DSC 102 and the DSM 110 as well as the direct communication tunnel between the second DSC 112 and DSM 110 combine to allow secure access and management of equipment in a network protected by a firewall from a device external to the network protected by the firewall while maintaining a network's IT policy and the integrity of the network's firewall. The connection points to the first DSC 102 and the second DSC 112 are not publicly exposed outside their respective networks to devices external to their networks because the DSCs 102, 112 are located behind their respective firewall 106, 114 to increase security of the communications through the direct communication tunnel. When the local DSC successfully authenticates to the DSM 110, the DSC can immediately begin providing secure access to any device such as the PLC device, in the network that has been designated as visible to a participating DSC. The designated visible devices have been authorized by the user of the second network 116 to be published.

As discussed, visible associated devices have been authorized by the owner of that domain to be visible/published to the virtual device network VDN (i.e. the VDN includes the equipment in the first and second networks 104, 116 that have been authorized to be visible). The example subset of equipment in the second network authorized to have their information visibly published to the VDN include a server, a PLC device, a motion controller, and the automation equipment, while the printer, a security system and a personal computer have not been authorized by the user to be visible to the VDN.

The local DSC discovers the components within its network and presents the owner of that domain with a graphic user interface asking which network components the owner wishes to make visible/publish their information. The local DSC collects this information, stores this information, and sends the publish information to the DSM. The information can include the DSC's identifier and IP address, and each component's IP address, name, capabilities, protocols supported, etc, within that DSC's network.

FIG. 5 illustrates a block diagram of an embodiment of an automated centralized administration of a distributed system.

The heart of the system is the DSM 510. The Device Services Manager manages a collection of DSCs 502, 512, 513, and 515.

The DSM 510 may have an IP redirector module 518 configured to cooperate with the two or more DSCs 502, 512, 513, 515 that are behind a firewall, such as firewalls 506, 514, 517, and 519, on a wide area network relative to a location of the DSM 510 on the wide area network. The DSM 510 serves as a central management station for automatic distribution of configuration information to the DSCs 502, 512, 513, and 515. An executable boot up file uploaded via a drive port in that DSC is scripted to gather configuration information for that DSC and network devices on the same network as that DSC and without a prompt by the DSM 510 then sends an initial configuration file to the DSM 510. The DSM 510 makes a master copy of the device configuration file in the DSM's registry for that DSC.

Each DSC 502, 512, 513, 515 and the DSM 510 work in concert to provide end-to-end access between associated devices in different Domains. The DSM 510 serves as a proxy connection point for participating DSCs 502, 512, 513, 515. The DSM 110 is a dedicated appliance that relays connections between user hosts and destination devices.

Individual DSC 502, 512, 513, 515 serve as a low cost point of presence on participating LANs. Each DSC 502, 512, 513, 515 is capable of acting simultaneously as both a Host Controller (which originates connections from host systems) and a Device Controller (which receives and manages incoming connections to individual remote devices). Each DSC 502, 512, 513, 515 is configured to proxy connections for both itself and its associated network devices to its parent DSM 510 located beyond the local LAN.

To the remote network, a newly installed DSC functions like a newly installed computer. To access devices on a remote network, the DSC just needs to establish a single out-bound connection to the DSM controlling the VDN. The outbound connection is a conduit communication link between the DSC acting as a Host Controller and the DSM. Once this connection is established, all system configuration, commands and network traffic can pass through the encrypted channel. When the DSC successfully authenticates to the DSM, it can immediately begin providing secure access to individual pieces of pre-authorized equipment.

With no client software to install on a PC or local server by the user and no changes required to either the network configuration or application software at either end of the connection, the DSM and its participating DSCs provide a secure and totally transparent remote access solution. The DSC uploads the software via the local drive port and the rest is scripted by the executable file itself to do the rest.

Thus, the device service manager server 510 may cooperate with one or more device service controllers 502, 512, 513, 515 to manage 1,000's of associated network devices behind firewalls at locations all over the world—securely, through a central point of contact. Each device service controller 502, 512, 513, 515 is configured to connect and manage individual pieces of equipment located behind a firewall and itself is located behind the firewall relative to the location of device service manager server.

FIG. 8 illustrates a block diagram of an embodiment of the DSM distributing configuration information to the DSCs, such as a first DSC 802, via an executable boot up file uploaded via a drive port 834 in the DSC 810. An administrator of the DSM 810 creates a boot up file and embeds a copy of this executable boot up file on a thumb drive. The thumb drive loaded with the executable boot up file accompanies and is shipped with the DSC device 802. The executable boot up file in the DSC 802 is scripted with code to at least 1) determine a unique ID of that individual DSC device, 2) determine the DSC's current IP address, 3) supply the DSM's IP address on the wide area network, and 4) activate code to initiate communications with the DSM 810.

The DSC device 802 uploads the boot up file from the thumb drive via the drive port 834, uses the contents of the boot up file to automatically create the secure communication channel via SSH between the DSC 802 and the DSM 810 and connects to the DSM 810 at its IP address on the WAN. The DSC 802 then authenticates itself to the DSM 810 via the unique ID, device MAC address, and/or potentially associated DNS entry. The DSM 810 then looks up the authenticating information in a reference table maintained in the DSM 810.

In an embodiment, the configuration of individual DSCs occurs by a user at the remote location of the DSC, merely inserting the appropriate portable computer readable medium, such as a thumb Universal Serial Bus (USB) Flash device, containing the boot up file with the initial configuration setting for the DSC into the USB slot on that device, applying power the unit, and waiting for the DSC LED to go green, indicating that it has successfully booted. The user then pushes the FLASH button, which causes the DSC to read the boot up file from the USB Flash device and attempt to contact the DSM. Once the DSC has successfully done so, the DSM LED shall also go green to indicate successful connection. As will be discussed in more detail later, if there is additional configuration information to download, both the DSC LED and the ACTIVITY LED shall flash green, indicating progress in downloading configuration updates. Once the configuration of the DSC is complete, The DSC LED shall again go steady green, indicating that it is ready to start passing traffic.

FIG. 6 illustrates a block diagram of an example embodiment of a DSM. The DSM 110 may contain components such as an IP redirector 618 that includes a Tunnel Manager in the DSM 610, a user interface, a database 620 that includes a registry, an association manager, a policy manager, a replication manager, and other similar components.

FIG. 7 illustrates a block diagram of an example embodiment of a DSC. The DSC 702 may contain components such as an Access Subsystem that includes the following components: an Association Manager; Conduit manager 724; a tunnel manager; and a network manifold 726. The DSC may also include a local database 728 that includes a registry, a Discovery manager 730, device configuration manager, a device monitoring manager, an automation sub system including a device configuration engine 743, a user interface, a power supply 732, a drive port 734, and other similar components.

Referring to FIG. 7, as discussed, the device configuration engine 743 in the DSC 702 without a prompt by the DSM then sends an initial configuration file with at least the unique ID of that individual DSC device and the DSC's current IP address information via a secure communication channel, such as via a secure protocol, an encrypted email, or similar method, to the DSM (with individual devices differentiated by device ID, device MAC address and/or potentially associated DNS entry).

Referring to FIG. 6, the DSM IP redirector module 618 receives this configuration information. The DSM 610 has a user data replication manager module 645 to create a device configuration/replication file with this configuration information and additional information and to make a master copy of the device configuration file in the DSM's registry 620. The user data replication manager module 645 then distributes this configuration information back out to the appropriate DSCs in response to the DSC's registering with the DSM 610 or in response to a given DSC performing a system reset. Note, the DSM 610 may also send updates of firmware, software patches, etc. in response to the boot up call.

Referring to FIG. 7, the DSC 702 may be a stand alone device deployed in an existing network. The deployment consists of merely physically plugging in the power to a power connection and power supply circuit of the DSC, plugging in the Ethernet network connection, and inserting the supplied thumb drive into a drive port 734 (i.e. USB flash drive into USB port). That is it! Thus, the DSC 702 is a stand alone device that connects up to the existing network without needing client software to be installed on another host device in that existing network and no network configuration settings are required from an end-user to properly install the DSC onto the existing network. Therefore, avoiding that many enterprise IT departments do not allow unauthorized third party applications to be installed onto their systems. The DSC 702 then resides on the existing network and mediates communication onto that LAN. No networking knowledge is necessary and access to this remote device is automatically configured. No end-user configuration or software installation is required to properly install the DSC onto the existing network.

An auto discovery presence manager program 730 resident in each DSC 702 finds networked equipment on the existing LAN and establishes an instant point of presence on that local network. The discovery presence manager program 730 discovers associated devices on the network by using a polling technique. The discovery presence manager program 730 has a Graphical User Interface (GUI) 749 to ask a user of network whether each discovered piece of network equipment protected by the firewall should be visible for remote access by at least the DSM. The DSC device 702 then collects and sends out the initial configuration file with the designated visible network device information to the central management DSM via the secure channel, which the DSM automatically registers both the local DSC and any associated network devices in the DSM-hosted Identity Registry. This information can then be made available via dynamic DNS, LDAP and DHCP, as well as associated web-based directory service application interfaces. In an embodiment, the Auto Discovery service 730 waits to discover network equipment on the existing LAN until the DSM sends back a copy of the master configuration file as well as any firmware and software updates.

The graphic user interface 749 is configured for the DSM administrator to configure Automated Device Discovery for each associated DSC. Multiple individual scan records may be created which specify either SNMPv1, SNMPv2 or another protocol as the search mechanism. When Automated Device Discovery is activated, scan records are copied to the appropriate DSC, which shall use them to initiate periodic scans of their local LAN for attached network devices.

When a device is discovered, the DSC shall create a Discovery record, which shall include as a minimum the IP address of the discovered device, the discovery protocol used to locate the discovered network device and the identifier of the discovering DSC. The resulting Discovery records shall be replicated back to the DSM for use by the DSM's Association, Configuration and Monitoring Service components. Each such Discovery record shall be assigned a unique ID, which shall allow the administrator to disambiguate references to individual configurations and discovered devices. The DSM then sends back a local copy for the DSC to store in its registry 728.

Thus, each DSC 702 of the two or more DSCs serves as a local registration authority, accepting registration requests from associated network devices on the existing local LAN, as well as polling for associated network devices on the local LAN. The DSC 702 will maintain a registry 728 of associated devices and will be able to automatically register both themselves and associated devices with its parent DSM registry. Each DSC 702 feeds this data to the parent DSM. Each DSC 702 participates in device discovery and directory service by registering associated devices discovered by using polling techniques.

Referring to FIG. 6, the DSM 610 provides centralized administration of the distributed system of DSC across the wide area network and proxy communications between those DSCs. An administrator with a GUI 651 from the DSM 610 creates a full device configuration record in Central Registry 620 from the initial configuration file with additional information including making pair associations of an existing device configuration with a specific discovered device, persistent state information, etc. The Central Configuration Registry 620 stores the configuration information and the user data replication manager makes a master copy of the device configuration file stored in the DSM 610.

The central registry 620 provides registry service for the associated DSCs and their customer network devices, and support services including dynamic Domain Name System (DNS), Lightweight Directory Access Protocol (LDAP) and Dynamic Host Configuration Protocol (DHCP).

A graphic user interface 651 of the DSM 610 is also configured for the DSM administrator to specify individual device associations, which are defined as a pairing of an existing device configuration with a specific discovered DSC device. Once a device has been associated, the DSM 610 may apply appropriate configuration changes and shall begin forwarding proxy connections to the DSC for network equipment as per a preset set of Access Rules maintained in the IP redirector module 618 in the DSM 610.

As detected DSCs are found and registered, an appropriate icon may appear in the Device Monitoring Service view of the graphic user interface 651. The user may then associate each such registered device with a previously created configured record. Once that is done, additional device settings (including Discovery search records) can be automatically downloaded to the DSC device. Based upon these settings, the DSC will then begin discovering additional network devices and passing traffic.

The User Data Replication Manager 645 in the DSM 610 provides a mechanism for data to be replicated from a DSC to a DSM. The User Data Replication Manager 645 in the DSM 610 generates a local copy of the device configuration file including the configuration record for that DSC. The DSC uses the secured communications channel implemented in SSH to fetch the local copy of the device configuration file from the central registry 620, and then the DSC updates its locally stored copy of the device configuration file. Thus, a shadow configuration registry is maintained on the remotely managed DSC device. The DSC then signals to DSM 610 that the update is complete and the DSM 610 updates the DSC's status of remote configuration in the Central Registry 620 of the DSM 610.

The DSC periodically calls the User Data Replication Manager 645 to see if updates to configuration files, firmware etc. are downloadable. Whatever changes are needed come from the central point being the DSM. All subsequent updates are automatically copied to remote device through an automatically maintained secure communications channel.

After setup, the DSC serves as a local registration authority, accepting registration requests from associated devices on the local LAN, as well as polling for associated devices on the local LAN. The DSC maintains a registry of associated devices and has logic or software configured to automatically register both themselves and associated devices with its parent DSM central Registry 620. This information can then be made available via LDAP and Dynamic DNS, as well as associated directory service application interfaces. Also, the service provider can access authorized remote equipment without changing the network configuration or their customers' existing software. The web interface and built-in directed navigation” system provides graphical views for easy navigation and control.

In an embodiment, the DSM may also have a Discovery Entity Manager, a Device Monitor, and a Configuration Manager. The Discovery Entity Manager manages Device Entities based on entries discovered by the Presence Manager. The Device Monitor Keeps track of the state of the device. Configuration manager provides a mechanism for configuring associated network devices.

The Device Management Subsystem may include the following.

Term Description Discovery Entity Manages Device Entities based on entries Manager discovered by the Presence Manager Device Monitor Keeps track of the state of the device Configuration Manager Provides a mechanism for configuring Associated Devices

As discussed, the DSM GUI interface allows the DSM administrator to configure Automated Device Discovery for each associated DSC and specify a protocol as the search mechanism. When specifying the search, the administrator provides a starting IP address and an optional ending address (indicating that the Discovery Service shall search the entire specified range). The administrator may also specify an optional port number, which if supplied will be used in place of the default protocol port. If using SNMP as the protocol, the administrator can also provide an optional community string.

The Device Entity Manager takes information from presence records, then attempts to pull more information from the device in order to determine its Id. It then populates the Entity Table with the information gathered from the presence records.

The purpose of this is to attempt to recognize devices with multiple network interfaces as a single device.

The entity table looks like this:

Field Description Id The Id of the device Protocol What protocol was used for the scan Parent Id Id of the parent (i.e. the DSC that found the device) MAC Address IP address of device IP Address IP address of device Last Up When this device was last found to be “up” Scan Time When this device was last scanned

The key for this record is the combination of Id, Protocol, and Parent Id. The reason Parent Id should be there is to handle the case of devices that may be unplugged from one DSC domain and re-plugged into a new DSC domain.

The Device Monitor and Config Manager are responsible for picking the info from the latest entry.

The Device Monitor scans the Entity table and the Physical Device Configuration Attribute table and fills/updates any attributes with configuration it's able to poll (inconsistent use of poll/pull—not sure which is correct) from the device.

The configuration attributes include all sellable parameters of a device: port settings, speeds, power levels, web servers, web server ports, etc.

The Physical Configuration Attribute table looks like:

Field Description Id The Id of the device Attribute Attribute name Value Attribute Value Can Read True if this is a value that can be read from the device. Can Write True if this is a value that can be written to the device. Last Updated When this attribute was last updated from the device. Last Queried

The configuration manager is responsible for comparing a Virtual Configuration Attribute record with its associated Physical Configuration Attribute record.

When differences occur, it will send those configurations to the device in question. The Virtual Configuration Attribute table looks like:

Field Description Id The Id of the device Attribute Attribute name Value Attribute Value Enable True if this is an “active” configuration that should be sent to the device. Last When this attribute was last sent from the configuration Pushed manager.

Referring to FIG. 7, the DSC Device Management Subsystem may consist of the following components: a Discovery Presence Manager 730, which manages Devices discovered by the Presence Agents; and multiple Discovery Presence Agents, which each agent attempts to discover associated network devices on a network using a specific protocol. (e.g. ping (ICMP), ARP, 77fe, SNMP, UPnP, etc.)

The Discovery Presence Manager 730 is responsible for the initial phase of discovery. Given parameters for a network scan (e.g. IP inclusion/exclusion ranges, scan times, network polls/sec, etc.), the Presence Manager calls a Presence Agent for each protocol in the discovery process. Presence detection results in a minimal set of information about a device. The Presence record looks something like this:

Field Description MAC Address IP address of device Protocol What protocol was used for the scan Parent Id Id of Parent (i.e. the DSC that found the device) IP Address IP address of device Scan Time When this device was last scanned via this protocol Last Up When this device was last found to be “up” via this protocol

Note, the MAC address+Protocol+Parent Id should be unique.

The Discovery Presence Agents perform the actual act of detection with a specific protocol. Each agent is responsible for a specific protocol. The Platform Subsystem consists of the following components:

Term Description Local Message A method of providing event information to all Bus processes in a system Registry A persistent data store Process Manager Ensures the proper services are running

The Local Message Bus may be implemented via LEBUS. This provides a simple one-way, one-to-many communication of transient events between processes on a local system.

In the DSC-DSM System, the DSM's Registry is considered authoritative. The DSC may gather new information, but that information is sent to the DSM.

OEM/VAR integration is allowed via an API into the Registry and databases are used.

To access devices on a remote network the DSC just needs to establish a single out-bound connection to the DSM controlling the VDN. Once this connection is established, all system configuration, commands and network traffic can pass through the encrypted channel. When the DSC successfully authenticates to the DSM, it can immediately begin providing secure access to individual pieces of pre-authorized equipment. The device server controller that provides DHCP-like auto-configuration for associated devices in its network.

In an alternative embodiment, the DSM GUI interface the DNA administrator saves a DSC device configuration through the web interface to a file on the browser host. Such files shall be digitally signed, to prevent unauthorized modification or alteration and may be emailed, copied across the net or onto a USB Flash memory drive. In this last case, if the USB Flash is inserted into the target DSC and the front panel pushbutton is activated, the DSC shall read the file, verify the digital signature and device settings, and if valid, apply these settings to the device. No previous connection to the DSM is required for this to work.

In addition, the DSM GUI interface the DNA administrator allows a save of a complete DSC system image through the web interface to a file on the browser host. Such files shall be digitally signed, to prevent unauthorized modification or alteration and may be emailed, copied across the net or onto a USB Flash memory drive. In this last case, if the USB Flash is inserted into the target DSC and the DSC is booted while the front panel pushbutton is held down, the DSC shall read the file, verify the digital signature and device settings, and if valid, replace the current system image with the new image. Such an image may include basic Registry settings, including a URL for the parent DSM.

FIG. 2 a illustrates a block diagram of an embodiment of system having a device service manager server located exterior to a first domain protected by a first firewall and a second domain protected by a second firewall.

Each DSC 202, 212, is configured with hardware logic and software to act as both 1) a Host Controller (which establishes connections for both itself and its associated devices in the first domain 204 to the DSM 210 located beyond the first firewall 206 and 2) a Device Controller (which receives and manages incoming connections from the DSM 110 to individual remote target devices in the second domain 216 protected by the second firewall 214. Note, a domain may be any network separated by a firewall or different subnets. The DSC will be able to proxy connections for both itself and its associated devices to its parent DSM located beyond the local domain. Each DSC may be configured to periodically send an outbound communication to check with the DSM to see if any pending TCP connections are waiting.

In an embodiment, the first DSC 202 and the second DSC, 212 have a Conduit Manager to provide the direct network communication tunnel to the DSM 210 by authenticating itself to the DSM 210 and establishing an outgoing TCP/IP stream connection to the DSM 210. The DSC keeps that connection open for future bi-directional communication on the outgoing TCP/IP stream connection. The established and authenticated, bi-directional communication, TCP/IP stream connection may be known as a direct network communication tunnel or conduit tunnel. The IP redirector of the DSM 210 sends routed packets down a first established TCP/IP stream connection to the first DSC 202 and sends routed packets down a second established TCP/IP stream connection to the second DSC 212. The IP redirector of the DSM 210 routes packets for a network component in the first domain 204 behind the first firewall 206 down the first established TCP/IP stream connection to the first DSC 202. The IP redirector of the DSM 210 also routes packets for a network component in the second domain 216 behind the second firewall 214 down a second established TCP/IP stream connection to the second DSC 212. Note, because TCP/IP is a bi-directional stream protocol, the DSM 210 can send routed packets down the open communication conduit tunnel and receive traffic from each DSC 202, 212.

The host console 208 and the subset of equipment in the second network form part of the VDN in which the host console 208 controls and manages the subset in second network by the second DSC 212 traversing outbound through a local firewall and/or a customer's NAT routers to access the subset of equipment on the remote network. The host console 208 establishes a single out-bound connection to the DSM 210 controlling the VDN, which allows two-way communications, and then holds that out-bound connection open. The VDN via the DSCs cooperating with the DSM 210 may create dedicated TCP/IP connections between any two points on the Internet.

FIG. 2 b illustrates a block diagram of an embodiment of a system with DSCs each having a conduit manager configured to provide a direct communication tunnel to the DSM by authenticating itself to the DSM and establishing an outgoing TCP/IP stream connection to the DSM and then keeping that connection open for future bi-directional communication on the established TCP/IP stream connection. A host console 208 b connects to a remote DSC 212 b via a local DSC and the DSM 210 b. The local and the remote DSC 212 b can both hold open a direct communication tunnel between themselves and the DSM 210 b for bi-directional communications. The direct TCP communication tunnel is a two-way TCP/IP stream connection/TCP session that is held opened to the DSM 210 b. The traffic on the incoming connection is then relayed through that session. The Conduit Manager in the remote DSC 212 b may use a certificate-based SSH (Secure Shell) encryption protocol to ensure secure, end-to-end communication between the host console 208 b and the destination target device, such as a Motion Controller, via the direct TCP communication tunnel. After the traffic has been communicated, then the TCP session may then be closed. Thus, the direct TCP communication tunnel may be implemented via SSH.

In an embodiment, the direct TCP communication tunnel can also be a simple TCP port forwarder. The program is just listening to a local TCP port and all the received data will get sent to a remote host, the DSM. The direct TCP communication tunnel allows the user to bypass a firewall that does not allow a remote device to make inbound TCP/IP connections to your server.

The remote DSC is also de-multiplexing the traffic from the direct communication tunnel to the network components on its associated local area network by decoding the header on the traffic and forwarding that traffic onto the target network component. The TCP packet header information in general identifies both the source port originally sending the data and the target destination port receiving the packet.

FIG. 3 illustrates a block diagram of an embodiment of a system having a central DSM and local DSCs to access to and from networked devices in networks protected by firewalls. The virtual device network is created by the DSM 310 and DSCs 302, 312 and the network devices associating with each DSC. The VDN in FIG. 3 operates similarly to the above descriptions for FIGS. 1, 2 a, and 2 b except where noted. The IP redirector may have portions resident in both the DSC and the DSM.

Referring to FIG. 7, the IP redirector may include the access subsystem device management system and registry. The Conduit Manager 724 in the DSC notifies local DSC processes that the SSH session to the DSM has been fully established. The conduit's SSH shell session is attached to the IP redirector program portion in the DSM. The IP redirector program then sends periodic beacon packets that the DSC can use to ensure the direct communication tunnel is established and active. Some minor protocol capabilities may be present to allow the DSC/DSM 110 to perform bandwidth/latency estimates. SSH's TCP port-forwarding feature can be used to pass all other control and tunnel data between the DSM and DSC. The Conduit Manager 724 may also negotiate the “remote” port it can listen on from the DSM.

FIG. 4 illustrates a state diagram of an embodiment of the Conduit Manager in the DSC. The Conduit Manager contains code to start and stop the direct TCP communication tunnel, determine when this direct TCP communication tunnel is idle or unexpectedly interrupted, etc. In block 402, when a pending TCP connection request comes in, the Conduit manager checks to see if any SSH tunnel is already established with the DSM. If not, in block 404, the Conduit manager establishes a full or partial SSH session. In block 406, the Conduit manager negotiates authentication of that DSC with the DSM by each verifying their identity.

After the SSH session has been fully established and an identity of the DSC responsible for the point of origin is authenticated with the DSM, then in block 408 traffic is allowed to pass in both directions in the direct communication tunnel.

In block 410, if the tunnel has already been established, the DSC redirects the socket and refreshes the tunnel timer.

Referring to FIG. 6, the DSM 610 has an IP redirector program that consists of multiple routines implemented in software, logic or a combination of both. The DSC may also contain a portion of the IP redirector program. The IP redirector program may include portions in the DSC such as the Conduit Manager in the DSC, which has code scripted to provide basic secured network communication and manage the conduit tunnel between a DSC and the DSM and the Tunnel Manager in the DSC.

The Tunnel Manager 624 portion of the IP redirector in the DSM 610 has code scripted to provide a secured multiplexed TCP session between the DSM and a DSC operating in Demux mode and the DSM and a DSC operating in Mux mode.

The above processes may be implemented by software code written in a given programming language, hardware logic components and other electrical circuits, or some combination of both.

Accordingly, in an embodiment, the software used to facilitate the algorithms discussed above can be embodied onto a machine-readable medium. A machine-readable medium includes any mechanism that provides (e.g., stores and/or transmits) information in a form readable by a machine (e.g., a computer). For example, a machine-readable medium includes read only memory (ROM); random access memory (RAM); magnetic disk storage media; optical storage media; flash memory devices; Digital VideoDisc (DVD's), EPROMs, EEPROMs, FLASH memory, magnetic or optical cards, or any type of media suitable for storing electronic instructions.

Some portions of the detailed descriptions above are presented in terms of algorithms and symbolic representations of operations on data bits within a computer memory. These algorithmic descriptions and representations are the means used by those skilled in the data processing arts to most effectively convey the substance of their work to others skilled in the art. An algorithm is here, and generally, conceived to be a self-consistent sequence of steps leading to a desired result. The steps are those requiring physical manipulations of physical quantities. Usually, though not necessarily, these quantities take the form of electrical or magnetic signals capable of being stored, transferred, combined, compared, and otherwise manipulated. It has proven convenient at times, principally for reasons of common usage, to refer to these signals as bits, values, elements, symbols, characters, terms, numbers, or the like. These algorithms may be written in a number of different software programming languages. Also, an algorithm may be implemented with lines of code in software, configured logic gates in software, or a combination of both.

It should be borne in mind, however, that all of these and similar terms are to be associated with the appropriate physical quantities and are merely convenient labels applied to these quantities. Unless specifically stated otherwise as apparent from the above discussions, it is appreciated that throughout the description, discussions utilizing terms such as “processing” or “computing” or “calculating” or “determining” or “displaying” or the like, refer to the action and processes of a computer system, or similar electronic computing device, that manipulates and transforms data represented as physical (electronic) quantities within the computer system's registers and memories into other data similarly represented as physical quantities within the computer system memories or registers, or other such information storage, transmission or display devices.

In an embodiment, the logic consists of electronic circuits that follow the rules of Boolean Logic, software that contain patterns of instructions, or any combination of both.

While some specific embodiments of the invention have been shown the invention is not to be limited to these embodiments. For example, most functions performed by electronic hardware components may be duplicated by software emulation. Thus, a software program written to accomplish those same functions may emulate the functionality of the hardware components in input-output circuitry. The invention is to be understood as not limited by the specific embodiments described herein, but only by scope of the appended claims. 

We claim:
 1. An apparatus, comprising: a device service manager server (DSM) having an IP redirector module configured to cooperate with two or more device service controllers (DSCs) that each have a management module to manage an access module to proxy communications for networked devices behind a firewall on a wide area network relative to a location of the DSM on the wide area network, where the DSM serves as a central management station for a distribution of configuration information to the DSCs, wherein an executable boot up file in the DSC is scripted with code to at least include to determine a unique ID of that individual DSC device, to determine a current IP address of the DSC, to supply an IP address on the wide area network of the DSM, and to activate code to initiate communications with the DSM, wherein a device configuration engine in the DSC without a prompt by the DSM then sends an initial configuration file with at least the unique ID of that individual DSC device and the DSC's current IP address information via a secure communication channel to the supplied IP address of the DSM, and the IP redirector module receives this configuration information, cooperates with a user data replication manager module in the DSM to create a device configuration file with the initial configuration information and additional information and then makes a master copy of the device configuration file in a registry of the DSM.
 2. The apparatus of claim 1, wherein a copy of the executable boot up file is embedded in a thumb drive with the executable boot up file scripted to request no network configuration settings from an end-user to properly install the DSC onto an existing network, where the thumb drive accompanies the DSC device and the DSC is a stand alone device further including a power connection and a network connection, which is deployed in the existing network by merely physically plugging in power to the power connection, plugging in the network connection to the existing network, and inserting the supplied thumb drive into a drive port.
 3. The apparatus of claim 2, wherein the DSC uploads the boot up file from the thumb drive via the drive port, uses contents of the executable boot up file to establish the secure communication channel, implemented via SSH, between the DSC and the DSM, connects to the DSM at its IP address on the WAN implemented via the Internet, and then authenticates itself via the unique ID to the DSM, wherein the DSM then looks up the unique ID in a reference table maintained in the DSM.
 4. The apparatus of claim 1, wherein the user data replication manager module distributes the device configuration file back out across the wide area network to the appropriate DSC in response to the DSC's registering with the registry in the DSM and also in response to a given DSC performing a system reset.
 5. The apparatus of claim 1, further comprising: an auto discovery service resident in each DSC configured to find networked equipment on a local network, and the auto discovery service is configured to discover associated network devices on the local network by using a polling technique, wherein the DSC has a Graphical User Interface (GUI) to ask whether each discovered piece of network equipment protected by the firewall should be visible for remote access by at least the DSM, and then the DSC device collects and sends out the initial configuration file with the designated visible network device information to the DSM via the secure communication channel, which the DSM automatically registers both the DSC and any associated network devices in the DSM-hosted Identity Registry.
 6. The apparatus of claim 1, further comprising: a graphic user interface of the DSM to configure an automated device discovery service for each associated DSC, which creates multiple individual scan records that specify a specific protocol as a search mechanism, wherein when the automated device discovery service is activated, scan records are copied to the appropriate DSC, which uses the scan records to initiate periodic scans of the DSC's local LAN for attached network devices.
 7. The apparatus of claim 6, further comprising: a discovery record created by the DSC for each network device discovered, and the discovery record includes at least an IP address of the discovered device, the discovery protocol used to locate the discovered network device, and an identifier of the discovering DSC; wherein resulting discovery records are replicated back to the DSM for use by the DSM.
 8. The apparatus of claim 5, wherein a graphic user interface of the DSM creates a full device configuration record in the registry from the initial configuration file with additional information including making pair associations of an existing device configuration with a specific discovered device and a master copy of the device configuration file is stored in the DSM.
 9. The apparatus of claim 1, wherein the DSM provides registry service for each associated DSC and their network devices, as well as support services including dynamic Domain Name System (DNS), Lightweight Directory Access Protocol (LDAP) and Dynamic Host Configuration Protocol (DHCP).
 10. The apparatus of claim 1, further comprising: a graphic user interface of the DSM configured to specify individual device associations, which are defined as a pairing of an existing device configuration with a specific discovered DSC device, wherein once a device has been associated, the DSM applies appropriate configuration changes and begins forwarding proxy connections to the DSC for network equipment as per a preset set of Access Rules maintained in the DSM.
 11. The apparatus of claim 8, further comprising: a data replication manager in the DSM generates a local copy of the device configuration file from the master copy and then sends the local copy to the DSC for use and storage in the DSC.
 12. The apparatus of claim 11, wherein the DSC uses the secured communications channel implemented in SSH to fetch the local copy of the device configuration file from the DSM, and then the DSC updates its locally stored copy of the device configuration file, where the DSC then signals to DSM that the update is complete and the DSM updates the DSC's status of remote configuration in the registry of the DSM.
 13. The apparatus of claim 1, wherein the DSM provides centralized administration of a distributed system of DSC across the wide area network and proxy communications between those DSCs, where each DSC of the two or more DSCs serves as a local registration authority, accepting registration requests from associated network devices on a local network, as well as polling for associated network devices on the LAN.
 14. An apparatus, comprising: a device service controller (DSC) having a power connection, a network connection, a port for a portable computer readable medium, code resident in the DSC to read configuration information in the portable computer readable medium with an executable boot up file when prompted, and an access module to proxy communications for networked devices on a local area network with the DSC, wherein the executable boot up file in the DSC is scripted to at least include device configuration information to determine a unique ID of that DSC device, determine the DSC's current IP address, supply the IP address of a device service manager server (DSM) on the wide area network, and code to initiate communications with the DSM, and where the DSC uploads the executable boot up file from the portable computer readable medium, uses contents of the boot up file to establish a secure communication SSH channel between the DSC and the DSM, connects to the DSM at its IP address on the wide area network, authenticates itself to the DSM, and then the DSM distributes a device configuration file to be locally used by the DSC based on the device configuration information supplied from the DSC to the DSM.
 15. The apparatus of claim 14, further comprising: a device configuration engine in the DSC configured to without a prompt by the DSM to send the device configuration information in an initial configuration file with at least the unique ID of the DSC device and the DSC's current IP address information via the secure communication channel to the DSM, and an IP redirector module receives this configuration information in the DSM, wherein DSM also has a user data replication manager module to create the device configuration file with the supplied device configuration information and additional information and then to make a master copy of the device configuration file in the DSM's registry.
 16. The apparatus of claim 15, wherein the DSC has a module configured to serve as a local registration authority accepting registration requests from associated network devices on a local network, the user data replication manager module distributes the device configuration file back out across the wide area network to the appropriate DSCs in response to the DSC's registering with the DSM and also in response to a given DSC performing a system reset, and the portable computer readable medium is a Universal Service Bus drive.
 17. A method for administration of a distributed system of remote device controllers across a wide area network and proxy communications between those remote device controllers, comprising: cooperating a central management station with two or more remote device controllers in the distributed system of remote device controllers, where a first remote device controller of the two or more remote device controllers proxy communications thru the central management station for networked devices behind a firewall on the wide area network relative to a location of the central management station on the wide area network; distributing configuration information to the first remote device controller via a portable computer readable medium; reading configuration information in the portable computer readable medium with an executable boot up file when prompted because the firewall can block direct communications with the first remote controller; determining device configuration information including a current IP address of the first remote device controller and other information unique to the first remote device controller; initiating a secure communication channel with an IP address of the central management station supplied in the configuration information in the portable computer readable medium; creating the secure communication channel with the central management station via opening an outward bound bi-directional connection through the firewall with the central management station, sending an initial configuration file with at least the first remote device controller's current IP address and other information unique to the first remote device controller via the secure communication channel to the central management station; receiving this configuration information and creating a device configuration file with the configuration information and additional information and then making a master copy of the device configuration file in the central management station's registry; generating a local copy of the device configuration file from the master copy; and distributing the local copy to the remote device controller for use and storage in the first remote device controller.
 18. The method of claim 17, further comprising: deploying the first remote device controller in a local network protected the firewall by merely supplying power to the first remote device controller, plugging in the network connection of the first remote device controller to the local network, and reading the configuration information from the supplied portable computer readable medium.
 19. The method of claim 17, further comprising: accepting registration requests from associated network devices on a local network; polling for associated network devices on the LAN; reporting whether each discovered piece of network equipment protected by the firewall should be visible for remote access by at least the central management station; and sending out the initial configuration file also including the designated visible network device information to the central management station via the secure channel, which the central management station registers both the first remote device controller and any associated network devices in the central management station's registry.
 20. The method of claim 17, further comprising: creating a full device configuration record in a central registry from the initial configuration file with additional information including making pair associations of an existing device configuration with a specific discovered device.
 21. An apparatus, comprising: a device service manager server (DSM) having an IP redirector module configured to cooperate with two or more device service controllers (DSCs) that are behind a firewall on a wide area network relative to a location of the DSM on the wide area network, where the DSM serves as a central management station for a distribution of configuration information to the DSCs, wherein an executable boot up file uploaded via a drive port in that DSC is scripted to gather configuration information for that DSC and network devices on the same network as that DSC and without a prompt by the DSM then sends an initial configuration file to the DSM which makes a master copy of the device configuration file in a registry of the DSM for that DSC.
 22. The apparatus of claim 21, wherein an executable boot up file uploaded via a drive port in that DSC is scripted with code to at least include to determine a unique ID of that individual DSC device, to determine a current IP address of the DSC, to supply an IP address on the wide area network of the DSM, to determine an IP address of any network devices on the same network as that DSC, and to activate code to initiate communications with the DSM, wherein a device configuration engine in the DSC without a prompt by the DSM then sends the initial configuration file with at least the unique ID of that individual DSC device and the DSC's current IP address information via a secure communication channel to the supplied IP address of the DSM, and the IP redirector module receives this configuration information, cooperates with a user data replication manager module in the DSM to create a device configuration file with the initial configuration information and additional information and then makes the master copy of the device configuration file in the DSM's registry. 